akuzma
Reputation: 1554
syslog-ng keep source hostname and last relay
I have SSB and syslog-ng clients writing to it. I need to have in logs hostname of source of log (using keep_hostname(yes)) and IP of last relay, like with option keep_hostname(no) in log. I need both of them in the same log, how can I achieve that?
Upvotes: 1
Views: 1644
Answers (1)
BiTN
Reputation: 46
Enable trusted option on Log/Source (keep_hostnames(yes)), and then you can create a rewrite rule one on Log/Paths page with a custom name (e.g. ip) as message part, and ${SOURCEIP} as replacement value. This way the SSB will put the source IP to a macro named ip, which will appear on the search page as a dynamic column.
Upvotes: 3
Related Questions
- how to remove hostname and timestamp from logs coming from remote syslog server
- logging with syslog-ng and systemd
- syslog-ng tail file missing last line
- How to get log in only **mylog**, instead of **mylog** and **syslog** using syslog-ng?
- Syslog-NG two relay server issue
- syslog-ng match and filter is not working the way I want
- IP instead of hostname
- Syslog-ng fails to read and write locally
- How can I separate logs based on source IP or hostname behind NAT using syslog-ng?